Anti-malware solutions often implement heuristic-based detection technologies that are capable of detecting malware for which a malware signature is unavailable. In particular, instead of comparing a file against a signature set, such heuristic-based detection technologies may be programmed to analyze various features of a file in order to determine whether the file contains malware. For example, heuristic-based detection technologies may be programmed to evaluate the file size, the file name, the file location, and/or the file extension of each file encountered during a malware scan in order to determine whether any of the files encountered contain malware.
While heuristic-based detection technologies may provide broader detection capabilities than signature-based detection technologies, malware authors may still be capable of modifying malware so that it becomes undetectable to these heuristic-based detection technologies. For example, a malware author may modify the file size, the file name, the file location, and/or the file extension of a malicious file until the file becomes undetectable to the heuristic-based detection technologies. This process of modifying malware until the malware becomes undetectable is sometimes known as brute-force malware testing.
Malware that is undetectable to heuristic-based detection technologies may effectively undermine and/or cheapen security-software products that implement such heuristic-based detection technologies. The instant disclosure identifies a need, therefore, for a mechanism that frustrates the efforts of malware authors attempting to develop undetectable malware through brute-force malware testing.